Privacy Policy

Information Privacy Policy of CNPAY PTY LTD (“CNPay”)

 

This information privacy policy (the “Policy”) sets out the obligations of CNPay as data user in complying with the provisions of the Privacy Act and in particular, the Australian Privacy Principles set out in Schedule 1 thereto, on how to properly handle personal information collected from customers and interested persons (including without limitation users of the Website and the Services) in the course of its business, which cover issues relating to inter alia collection, management, storage, disclosure, use and correction of, and access to, such personal information.

 

By accessing or browsing the Website and/or completing the application form to become customers of CNPay for the provision of the Services, each of the individuals or data subjects (being shareholders and/or directors of the customers and/or other interested persons) acknowledges that he/she has read, understood and agreed to abide by the terms and conditions set out in this Policy.

 

Definitions

Affiliate”                          means any company, partnership or other entity which directly or indirectly Controls (as hereinafter defined), is Controlled by or is under common Control with CNPay;

Control”                           has the meaning given by the Corporations Act 2001 (Cth);

Privacy Act”                     means the Privacy Act 1988 (Cth);

Sensitive Information” has the meaning given by the Privacy Act;

Services”                          means the electronic payment processing/gateway services provided by CNPay or its business partner(s) to its customers;

Website”                          means the website www.cnpay.com.au, which is developed, owned, operated and managed by CNPay.

 

A. Collection of Personal Information for the Purposes

To preserve the confidentiality of all personal information provided to CNPay, CNPay maintains the following privacy principles:

  1. CNPay only collects personal information from the customers and/or users of the Website that is reasonably necessary for the provision of the Services or with consent.
  2. Personal information collected from the customers is limited to: name, date of birth, residential address, email address, telephone number.
  3. The personal information collected will be used for the following purposes (collectively, the “Purposes”):
  • provision of the Services to the customers;
  • communication with the customers and users of the Website that is reasonably necessary for the provision of the Services;
  • verification of personal particulars of the data subjects (being shareholders and/or directors of the customers and/or other interested persons), as part of the customer due diligence process or otherwise that is reasonably necessary for the provision of the Services;
  • handling of enquiries, data access and/or data correction requests and complaints (if any) from the data subjects and users of the Website;
  • circulation or distribution of marketing and advertising materials that is reasonably necessary for the provision of the Services, prepared or provided by CNPay or any of its Affiliates and business partners, to the data subjects and users of the Website;
  • enhancement of the service quality of CNPay;
  • prevention of crime or compliance with applicable laws.
  1. The personal information shall be collected by lawful and fair means.
  2. It is necessary for the customers to supply the personal information required, failing which CNPay may not be able to process their applications and provide the Services to them.
  3. CNPay shall not use the personal information for any purpose other than the Purpose unless CNPay has notified the data subjects or users of the Website of such use and obtained their prior consent in writing before any such use.

 

B. Storage and Processing of Personal Information

  1. The personal information collected may be (a) disclosed to CNPay’s directors, officers, employees, consultants and data processors on a “reasonably-necessary-to-know” basis in the provision of the Services, provided that they shall, by contractual or other means, abide by the confidentiality obligations set out herein; and (b) transferred to any competent authorities in Australia or other jurisdictions in compliance with applicable laws or pursuant to any court orders.
  2. Save for the circumstances stipulated in the preceding paragraph, no disclosure of the personal information will be made by CNPay to any third parties without the data subjects’ prior written consent.
  3. CNPay will take reasonably practicable steps to ensure that the personal information collected is not kept longer than is reasonably necessary for fulfillment of the Purpose for which it is or is to be used.
  4. If CNPay engages a data processor to process personal information on its behalf, CNPay will adopt contractual or other means to prevent any personal information transferred to the data processor from (i) any unauthorized or accidental access, processing, erasure, loss or use; and (ii) being kept longer than is necessary for processing of the data.

 

C. Security

  1. CNPay will take the following measures to protect the information from misuse, interference, loss, unauthorized access, modification or disclosure:
  • sensitive personal information (e.g., identity card and passport number) stored in the backend server will be protected by access control and encryption;
  • only employees and officers authorized on a “reasonably-necessary-to-know” and “reasonably-necessary-to-access” basis will be allowed access to and use the personal information for the Purpose;
  • the adoption of adequate IT (information technology) security measures to protect personal information from hacking, unauthorized or accidental access, processing, erasure, loss or use;
  • the keeping of proper logs and trails of access to the personal information for the purpose of monitoring any warning sign of data leakage at its earliest stage;
  • the provision of on-the-job training to promote privacy awareness and to enhance the prudence, competence and integrity of the employees who are to handle personal information.
  1. CNPay will take all reasonably practicable steps to destroy personal information or to ensure that the information is de-identified when the data held by it is no longer required for the purpose for which it was used.

 

D. Direct Marketing

CNPay will obtain the data subjects’ prior written consent before circulation or distribution of any marketing and advertising materials relating to the Services (prepared by CNPay or any of its Affiliates and business partners) to them, and will cease to use such personal information in direct marketing if any of the data subjects so requires.  Consent is deemed to be obtained if:

  1. for information other than Sensitive Information:
  • CNPay collected the information from the individual; and
  • the individual would reasonably expect CNPay to use or disclose the information for direct marketing; and
  • CNPay provides a simple means by which the individual may easily request not to receive direct marketing communications from CNPay; and
  • the individual has not made such a request to CNPay;
  1. for Sensitive Information:
  • CNPay collected the information from:
    1. the individual and the individual would not reasonably expect CNPay to use or disclose the information for director marketing; or
    2. someone other than the individual; and
  • either:
    1. the individual has consented to the use or disclosure of the information for direct marketing; or
    2. it is impracticable to obtain that consent; and
  • CNPay provides a simple means by which the individual may easily request not to receive direct marketing communications from CNPay; and
  • in each direct marketing communication with the individual:
    1. CNPay includes a prominent statement that the individual may make such a request; or
    2. CNPay otherwise draws the individual’s attention to the fact that the individual may make such a request; and
  • the individual has not made such a request to CNPay.

 

E. Use of Cookies

CNPay will record users’ visits to the Website by collecting and storing information such as domain name, server and IP addresses (internet protocol addresses) in the cookies, which will be used for facilitating and customizing users’ experience with the Website, and such information will not be disclosed to any unauthorized persons save and except in the circumstances set out in Section B above.

 

F.Third Party Websites

This Policy applies to users and browsers of the Website and confers no protection to users and browsers when he/she leaves the Website for any third party website which is not operated and managed by CNPay.  In this regard, the users and browsers of the Website should be reminded that they should carefully review the privacy policies set out in any third party website before providing any personal information as required, in respect of which CNPay will not be responsible for any loss or damage sustained by the users and browsers resulting from their visits to such third party website.

 

G.Date Access / Correction Requests

To the extent permitted by the Privacy Act and other applicable laws, each of the data subjects shall have the right to make a request for access to his/her personal information held by CNPay, and if he/she subsequently detects any inaccurate, out-of-date, incomplete, irrelevant or misleading information in relation to his/her personal information, he/she may make a data correction request to CNPay.  If any of the users/browsers of the Website and data subjects has any questions or concerns regarding this Policy, he/she may contact CNPay’s Personal Data Management Officer by e-mail at support@cnpay.com.au.  CNPay may charge a reasonable fee for processing any data access/correction request.

 

H.Compliant about a Breach of the Australian Privacy Principles

Any data subject may complain to CNPay by e-mail at support@cnpay.com.au about acts or practices that may be a breach of certain provisions of the Privacy Act or this Policy.  CNPay will investigate the complaint and provide a resolution about the complaint.  If the data subject is not satisfied about CNPay’s resolution, he/she may have a right to complain to the Office of the Australian Information Commissioner about an act or practice that may be an interference with the privacy of the data subject.

 

I. Changes to this Policy

CNPay reserves its right to revise and update any part of this Policy from time to time, taking into account any changes to the scope of its Services and amendments to the Ordinance and relevant laws.